Reduce Time Spent on Shared Spreadsheets
How CyberGRX Works for Third Parties
Shared spreadsheets are eating up your valuable resources and providing limited value. CyberGRX assessments use a smart, skip level logic approach, so they automatically calibrate to your responses—removing any redundant or irrelevant questions. And, once your assessment is complete, you can use The CyberGRX Exchange to proactively share it with any upstream partner you choose. Complete one assessment, share with many.
Complete a Tier 1, 2 or 3 CyberGRX Assessment
Receive a detailed roadmap for improving your security
Follow CyberGRX's remediation strategies
Share with your upstream business partners
Never complete another spreadsheet again
Third Parties spend
completing assessments each year
“The CyberGRX assessment process was comprehensive, yet seamless. The standardized assessment, and their global risk information Exchange, will help us save 400 hours or more traditionally spent on filling in assessments, so we can apply that time on proactively managing our security for our clients.”
Benefits for Third Parties
The CyberGRX Exchange and our risk assessments as-a-service help Enterprises and Third Parties cost-effectively identify, prioritize and mitigate risk.
Third-Party Cyber Risk LandscapeBreak-up with your current process and implement a third-party risk management solution that helps you identify, monitor and manage risk in a digital world.
Third-party contractors are the biggest source of security incidents outside of a company’s employees.
Approximately 66% of companies extensively or significantly rely on third-party vendors.
81% of organizations have seen an increase in third-party vendors in the past two years.
Less than 17% of organizations felt their current systems effectively managed third-party risk.
CyberGRX is a force multiplier for our third-party cyber risk management program. In just the first year we will be able to assess 3x more vendors than we assessed last year and reallocate the resources saved to true risk management and mitigation efforts.
Frequently Asked Questions
How much does this cost?
For the ordering customers, there are two elements to the cost model: an annual platform access fee and a per-assessment fee that varies according to tier of service. Platform access fees are paid annually; funds put into your CyberGRX account to cover assessment fees are evergreen. Once an assessment is ordered and delivered, customers receive access to that assessment and updates for a 12-month period.
How long does it take to complete an assessment?
Average timeframes to complete an assessment are as follows: ~75 days for Tier 1, ~28 days for Tier 2, ~35 days for Tier 2 Validated, and ~15 days for Tier 3. Our customer success team does an outstanding job helping third parties complete their assessments in a timely manner with training, support and coaching. That being said, average timeframes can vary depending on the unique situation.
If I post my assessment to the exchange, will anyone be able to see my data?
No. You are in control of your data. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each case. If you never want to share your assessment, no one will see your assessment results. However, we do let exchange customers know of the presence of an assessment in the exchange for your organization. This facilitates the ordering process by letting them know that an assessment is available.
What if I’m not satisfied with my assessment after it is completed, do I have to share it?
No, you don’t. Once you have completed an assessment, that data will only be shared on an individual basis, pending your approval for each customer. If you do not share an assessment that is ordered, however, you will most likely be required to fulfill the assessment obligation in some other way. Whereas, once you’ve completed a CyberGRX assessment, the CyberGRX platform allows you to continuously update your assessment and share with multiple customers, reducing time spent on filling in various assessment requests.
Can I provide additional materials with my assessment? SIG? SOC ll? Comments?
Yes, we allow for comments on our assessments. As part of our evidence validation process we also consider and accept a review of other materials such as a SIG or SOC II assessment. However, we only collect metadata on those documents (Title, date published / updated, etc.) and do not maintain a copy of the documents in our Platform. Allowing for additional attachments is under consideration. You are also welcomed to share any certification documents out of band with your customer, but the platform does not currently facilitate this sharing.